Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-53107

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> veth: Fix use after free in XDP_REDIRECT<br /> <br /> Commit 718a18a0c8a6 ("veth: Rework veth_xdp_rcv_skb in order<br /> to accept non-linear skb") introduced a bug where it tried to<br /> use pskb_expand_head() if the headroom was less than<br /> XDP_PACKET_HEADROOM. This however uses kmalloc to expand the head,<br /> which will later allow consume_skb() to free the skb while is it still<br /> in use by AF_XDP.<br /> <br /> Previously if the headroom was less than XDP_PACKET_HEADROOM we<br /> continued on to allocate a new skb from pages so this restores that<br /> behavior.<br /> <br /> BUG: KASAN: use-after-free in __xsk_rcv+0x18d/0x2c0<br /> Read of size 78 at addr ffff888976250154 by task napi/iconduit-g/148640<br /> <br /> CPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: loaded Tainted: G O 6.1.4-cloudflare-kasan-2023.1.2 #1<br /> Hardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x34/0x48<br /> print_report+0x170/0x473<br /> ? __xsk_rcv+0x18d/0x2c0<br /> kasan_report+0xad/0x130<br /> ? __xsk_rcv+0x18d/0x2c0<br /> kasan_check_range+0x149/0x1a0<br /> memcpy+0x20/0x60<br /> __xsk_rcv+0x18d/0x2c0<br /> __xsk_map_redirect+0x1f3/0x490<br /> ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]<br /> xdp_do_redirect+0x5ca/0xd60<br /> veth_xdp_rcv_skb+0x935/0x1ba0 [veth]<br /> ? __netif_receive_skb_list_core+0x671/0x920<br /> ? veth_xdp+0x670/0x670 [veth]<br /> veth_xdp_rcv+0x304/0xa20 [veth]<br /> ? do_xdp_generic+0x150/0x150<br /> ? veth_xdp_rcv_one+0xde0/0xde0 [veth]<br /> ? _raw_spin_lock_bh+0xe0/0xe0<br /> ? newidle_balance+0x887/0xe30<br /> ? __perf_event_task_sched_in+0xdb/0x800<br /> veth_poll+0x139/0x571 [veth]<br /> ? veth_xdp_rcv+0xa20/0xa20 [veth]<br /> ? _raw_spin_unlock+0x39/0x70<br /> ? finish_task_switch.isra.0+0x17e/0x7d0<br /> ? __switch_to+0x5cf/0x1070<br /> ? __schedule+0x95b/0x2640<br /> ? io_schedule_timeout+0x160/0x160<br /> __napi_poll+0xa1/0x440<br /> napi_threaded_poll+0x3d1/0x460<br /> ? __napi_poll+0x440/0x440<br /> ? __kthread_parkme+0xc6/0x1f0<br /> ? __napi_poll+0x440/0x440<br /> kthread+0x2a2/0x340<br /> ? kthread_complete_and_exit+0x20/0x20<br /> ret_from_fork+0x22/0x30<br /> <br /> <br /> Freed by task 148640:<br /> kasan_save_stack+0x23/0x50<br /> kasan_set_track+0x21/0x30<br /> kasan_save_free_info+0x2a/0x40<br /> ____kasan_slab_free+0x169/0x1d0<br /> slab_free_freelist_hook+0xd2/0x190<br /> __kmem_cache_free+0x1a1/0x2f0<br /> skb_release_data+0x449/0x600<br /> consume_skb+0x9f/0x1c0<br /> veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]<br /> veth_xdp_rcv+0x304/0xa20 [veth]<br /> veth_poll+0x139/0x571 [veth]<br /> __napi_poll+0xa1/0x440<br /> napi_threaded_poll+0x3d1/0x460<br /> kthread+0x2a2/0x340<br /> ret_from_fork+0x22/0x30<br /> <br /> The buggy address belongs to the object at ffff888976250000<br /> which belongs to the cache kmalloc-2k of size 2048<br /> The buggy address is located 340 bytes inside of<br /> 2048-byte region [ffff888976250000, ffff888976250800)<br /> <br /> The buggy address belongs to the physical page:<br /> page:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250<br /> head:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0<br /> flags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff)<br /> raw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00<br /> raw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000<br /> page dumped because: kasan: bad access detected<br /> <br /> Memory state around the buggy address:<br /> ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> &gt; ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ^<br /> ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53108

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/iucv: Fix size of interrupt data<br /> <br /> iucv_irq_data needs to be 4 bytes larger.<br /> These bytes are not used by the iucv module, but written by<br /> the z/VM hypervisor in case a CPU is deconfigured.<br /> <br /> Reported as:<br /> BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten<br /> -----------------------------------------------------------------------------<br /> 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc<br /> Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1<br /> __kmem_cache_alloc_node+0x166/0x450<br /> kmalloc_node_trace+0x3a/0x70<br /> iucv_cpu_prepare+0x44/0xd0<br /> cpuhp_invoke_callback+0x156/0x2f0<br /> cpuhp_issue_call+0xf0/0x298<br /> __cpuhp_setup_state_cpuslocked+0x136/0x338<br /> __cpuhp_setup_state+0xf4/0x288<br /> iucv_init+0xf4/0x280<br /> do_one_initcall+0x78/0x390<br /> do_initcalls+0x11a/0x140<br /> kernel_init_freeable+0x25e/0x2a0<br /> kernel_init+0x2e/0x170<br /> __ret_from_fork+0x3c/0x58<br /> ret_from_fork+0xa/0x40<br /> Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1<br /> __kmem_cache_free+0x308/0x358<br /> iucv_init+0x92/0x280<br /> do_one_initcall+0x78/0x390<br /> do_initcalls+0x11a/0x140<br /> kernel_init_freeable+0x25e/0x2a0<br /> kernel_init+0x2e/0x170<br /> __ret_from_fork+0x3c/0x58<br /> ret_from_fork+0xa/0x40<br /> Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|<br /> Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000<br /> Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................<br /> Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................<br /> Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........<br /> Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ<br /> Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ<br /> Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ<br /> CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1<br /> Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)<br /> Call Trace:<br /> [] dump_stack_lvl+0xac/0x100<br /> [] check_bytes_and_report+0x104/0x140<br /> [] check_object+0x370/0x3c0<br /> [] free_debug_processing+0x15e/0x348<br /> [] free_to_partial_list+0x9a/0x2f0<br /> [] __slab_free+0x1e4/0x3a8<br /> [] __kmem_cache_free+0x308/0x358<br /> [] iucv_cpu_dead+0x6c/0x88<br /> [] cpuhp_invoke_callback+0x156/0x2f0<br /> [] _cpu_down.constprop.0+0x22a/0x5e0<br /> [] cpu_device_down+0x4e/0x78<br /> [] device_offline+0xc8/0x118<br /> [] online_store+0x60/0xe0<br /> [] kernfs_fop_write_iter+0x150/0x1e8<br /> [] vfs_write+0x174/0x360<br /> [] ksys_write+0x74/0x100<br /> [] __do_syscall+0x1da/0x208<br /> [] system_call+0x82/0xb0<br /> INFO: lockdep is turned off.<br /> FIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc<br /> FIX dma-kmalloc-64: Object at 0x0000000000400540 not freed
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53109

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: tunnels: annotate lockless accesses to dev-&gt;needed_headroom<br /> <br /> IP tunnels can apparently update dev-&gt;needed_headroom<br /> in their xmit path.<br /> <br /> This patch takes care of three tunnels xmit, and also the<br /> core LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()<br /> helpers.<br /> <br /> More changes might be needed for completeness.<br /> <br /> BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit<br /> <br /> read to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:<br /> ip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803<br /> __gre_xmit net/ipv4/ip_gre.c:469 [inline]<br /> ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661<br /> __netdev_start_xmit include/linux/netdevice.h:4881 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4895 [inline]<br /> xmit_one net/core/dev.c:3580 [inline]<br /> dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596<br /> __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246<br /> dev_queue_xmit include/linux/netdevice.h:3051 [inline]<br /> neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623<br /> neigh_output include/net/neighbour.h:546 [inline]<br /> ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228<br /> ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316<br /> NF_HOOK_COND include/linux/netfilter.h:291 [inline]<br /> ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430<br /> dst_output include/net/dst.h:444 [inline]<br /> ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126<br /> iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82<br /> ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813<br /> __gre_xmit net/ipv4/ip_gre.c:469 [inline]<br /> ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661<br /> __netdev_start_xmit include/linux/netdevice.h:4881 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4895 [inline]<br /> xmit_one net/core/dev.c:3580 [inline]<br /> dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596<br /> __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246<br /> dev_queue_xmit include/linux/netdevice.h:3051 [inline]<br /> neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623<br /> neigh_output include/net/neighbour.h:546 [inline]<br /> ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228<br /> ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316<br /> NF_HOOK_COND include/linux/netfilter.h:291 [inline]<br /> ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430<br /> dst_output include/net/dst.h:444 [inline]<br /> ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126<br /> iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82<br /> ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813<br /> __gre_xmit net/ipv4/ip_gre.c:469 [inline]<br /> ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661<br /> __netdev_start_xmit include/linux/netdevice.h:4881 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4895 [inline]<br /> xmit_one net/core/dev.c:3580 [inline]<br /> dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596<br /> __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246<br /> dev_queue_xmit include/linux/netdevice.h:3051 [inline]<br /> neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623<br /> neigh_output include/net/neighbour.h:546 [inline]<br /> ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228<br /> ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316<br /> NF_HOOK_COND include/linux/netfilter.h:291 [inline]<br /> ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430<br /> dst_output include/net/dst.h:444 [inline]<br /> ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126<br /> iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82<br /> ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813<br /> __gre_xmit net/ipv4/ip_gre.c:469 [inline]<br /> ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661<br /> __netdev_start_xmit include/linux/netdevice.h:4881 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4895 [inline]<br /> xmit_one net/core/dev.c:3580 [inline]<br /> dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596<br /> __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246<br /> dev_queue_xmit include/linux/netdevice.h:3051 [inline]<br /> neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623<br /> neigh_output include/net/neighbour.h:546 [inline]<br /> ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228<br /> ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316<br /> NF_HOOK_COND include/linux/netfilter.h:291 [inline]<br /> ip_output+0xe5/0x1b0 net/i<br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53110

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()<br /> <br /> When performing a stress test on SMC-R by rmmod mlx5_ib driver<br /> during the wrk/nginx test, we found that there is a probability<br /> of triggering a panic while terminating all link groups.<br /> <br /> This issue dues to the race between smc_smcr_terminate_all()<br /> and smc_buf_create().<br /> <br /> smc_smcr_terminate_all<br /> <br /> smc_buf_create<br /> /* init */<br /> conn-&gt;sndbuf_desc = NULL;<br /> ...<br /> <br /> __smc_lgr_terminate<br /> smc_conn_kill<br /> smc_close_abort<br /> smc_cdc_get_slot_and_msg_send<br /> <br /> __softirqentry_text_start<br /> smc_wr_tx_process_cqe<br /> smc_cdc_tx_handler<br /> READ(conn-&gt;sndbuf_desc-&gt;len);<br /> /* panic dues to NULL sndbuf_desc */<br /> <br /> conn-&gt;sndbuf_desc = xxx;<br /> <br /> This patch tries to fix the issue by always to check the sndbuf_desc<br /> before send any cdc msg, to make sure that no null pointer is<br /> seen during cqe processing.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53091

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: update s_journal_inum if it changes after journal replay<br /> <br /> When mounting a crafted ext4 image, s_journal_inum may change after journal<br /> replay, which is obviously unreasonable because we have successfully loaded<br /> and replayed the journal through the old s_journal_inum. And the new<br /> s_journal_inum bypasses some of the checks in ext4_get_journal(), which<br /> may trigger a null pointer dereference problem. So if s_journal_inum<br /> changes after the journal replay, we ignore the change, and rewrite the<br /> current journal_inum to the superblock.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53092

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> interconnect: exynos: fix node leak in probe PM QoS error path<br /> <br /> Make sure to add the newly allocated interconnect node to the provider<br /> before adding the PM QoS request so that the node is freed on errors.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53093

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: Do not let histogram values have some modifiers<br /> <br /> Histogram values can not be strings, stacktraces, graphs, symbols,<br /> syscalls, or grouped in buckets or log. Give an error if a value is set to<br /> do so.<br /> <br /> Note, the histogram code was not prepared to handle these modifiers for<br /> histograms and caused a bug.<br /> <br /> Mark Rutland reported:<br /> <br /> # echo &amp;#39;p:copy_to_user __arch_copy_to_user n=$arg2&amp;#39; &gt;&gt; /sys/kernel/tracing/kprobe_events<br /> # echo &amp;#39;hist:keys=n:vals=hitcount.buckets=8:sort=hitcount&amp;#39; &gt; /sys/kernel/tracing/events/kprobes/copy_to_user/trigger<br /> # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist<br /> [ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000<br /> [ 143.695190] Mem abort info:<br /> [ 143.695362] ESR = 0x0000000096000004<br /> [ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 143.695889] SET = 0, FnV = 0<br /> [ 143.696077] EA = 0, S1PTW = 0<br /> [ 143.696302] FSC = 0x04: level 0 translation fault<br /> [ 143.702381] Data abort info:<br /> [ 143.702614] ISV = 0, ISS = 0x00000004<br /> [ 143.702832] CM = 0, WnR = 0<br /> [ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000<br /> [ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000<br /> [ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP<br /> [ 143.704714] Modules linked in:<br /> [ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3<br /> [ 143.706138] Hardware name: linux,dummy-virt (DT)<br /> [ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> [ 143.707120] pc : hist_field_name.part.0+0x14/0x140<br /> [ 143.707504] lr : hist_field_name.part.0+0x104/0x140<br /> [ 143.707774] sp : ffff800008333a30<br /> [ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0<br /> [ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800<br /> [ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001<br /> [ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000<br /> [ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000<br /> [ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023<br /> [ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c<br /> [ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c<br /> [ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d<br /> [ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000<br /> [ 143.711746] Call trace:<br /> [ 143.712115] hist_field_name.part.0+0x14/0x140<br /> [ 143.712642] hist_field_name.part.0+0x104/0x140<br /> [ 143.712925] hist_field_print+0x28/0x140<br /> [ 143.713125] event_hist_trigger_print+0x174/0x4d0<br /> [ 143.713348] hist_show+0xf8/0x980<br /> [ 143.713521] seq_read_iter+0x1bc/0x4b0<br /> [ 143.713711] seq_read+0x8c/0xc4<br /> [ 143.713876] vfs_read+0xc8/0x2a4<br /> [ 143.714043] ksys_read+0x70/0xfc<br /> [ 143.714218] __arm64_sys_read+0x24/0x30<br /> [ 143.714400] invoke_syscall+0x50/0x120<br /> [ 143.714587] el0_svc_common.constprop.0+0x4c/0x100<br /> [ 143.714807] do_el0_svc+0x44/0xd0<br /> [ 143.714970] el0_svc+0x2c/0x84<br /> [ 143.715134] el0t_64_sync_handler+0xbc/0x140<br /> [ 143.715334] el0t_64_sync+0x190/0x194<br /> [ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)<br /> [ 143.716510] ---[ end trace 0000000000000000 ]---<br /> Segmentation fault
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53094

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tty: serial: fsl_lpuart: fix race on RX DMA shutdown<br /> <br /> From time to time DMA completion can come in the middle of DMA shutdown:<br /> <br /> : :<br /> lpuart32_shutdown()<br /> lpuart_dma_shutdown()<br /> del_timer_sync()<br /> lpuart_dma_rx_complete()<br /> lpuart_copy_rx_to_tty()<br /> mod_timer()<br /> lpuart_dma_rx_free()<br /> <br /> When the timer fires a bit later, sport-&gt;dma_rx_desc is NULL:<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004<br /> pc : lpuart_copy_rx_to_tty+0xcc/0x5bc<br /> lr : lpuart_timer_func+0x1c/0x2c<br /> Call trace:<br /> lpuart_copy_rx_to_tty<br /> lpuart_timer_func<br /> call_timer_fn<br /> __run_timers.part.0<br /> run_timer_softirq<br /> __do_softirq<br /> __irq_exit_rcu<br /> irq_exit<br /> handle_domain_irq<br /> gic_handle_irq<br /> call_on_irq_stack<br /> do_interrupt_handler<br /> ...<br /> <br /> To fix this fold del_timer_sync() into lpuart_dma_rx_free() after<br /> dmaengine_terminate_sync() to make sure timer will not be re-started in<br /> lpuart_copy_rx_to_tty()
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53095

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/ttm: Fix a NULL pointer dereference<br /> <br /> The LRU mechanism may look up a resource in the process of being removed<br /> from an object. The locking rules here are a bit unclear but it looks<br /> currently like res-&gt;bo assignment is protected by the LRU lock, whereas<br /> bo-&gt;resource is protected by the object lock, while *clearing* of<br /> bo-&gt;resource is also protected by the LRU lock. This means that if<br /> we check that bo-&gt;resource points to the LRU resource under the LRU<br /> lock we should be safe.<br /> So perform that check before deciding to swap out a bo. That avoids<br /> dereferencing a NULL bo-&gt;resource in ttm_bo_swapout().
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53096

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> interconnect: fix mem leak when freeing nodes<br /> <br /> The node link array is allocated when adding links to a node but is not<br /> deallocated when nodes are destroyed.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53097

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/iommu: fix memory leak with using debugfs_lookup()<br /> <br /> When calling debugfs_lookup() the result must have dput() called on it,<br /> otherwise the memory will leak over time. To make things simpler, just<br /> call debugfs_lookup_and_remove() instead which handles all of the logic<br /> at once.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-53098

Publication date:
02/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: rc: gpio-ir-recv: add remove function<br /> <br /> In case runtime PM is enabled, do runtime PM clean up to remove<br /> cpu latency qos request, otherwise driver removal may have below<br /> kernel dump:<br /> <br /> [ 19.463299] Unable to handle kernel NULL pointer dereference at<br /> virtual address 0000000000000048<br /> [ 19.472161] Mem abort info:<br /> [ 19.474985] ESR = 0x0000000096000004<br /> [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 19.484081] SET = 0, FnV = 0<br /> [ 19.487149] EA = 0, S1PTW = 0<br /> [ 19.490361] FSC = 0x04: level 0 translation fault<br /> [ 19.495256] Data abort info:<br /> [ 19.498149] ISV = 0, ISS = 0x00000004<br /> [ 19.501997] CM = 0, WnR = 0<br /> [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000<br /> [ 19.511432] [0000000000000048] pgd=0000000000000000,<br /> p4d=0000000000000000<br /> [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP<br /> [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last<br /> unloaded: rc_core]<br /> [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted<br /> 6.2.0-rc1-00028-g2c397a46d47c #72<br /> [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)<br /> [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS<br /> BTYPE=--)<br /> [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110<br /> [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30<br /> [gpio_ir_recv]<br /> [ 19.557294] sp : ffff800008ce3740<br /> [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:<br /> ffff800008ce3d50<br /> [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:<br /> ffffc7e3f9ef0e30<br /> [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:<br /> 0000000000000008<br /> [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:<br /> ffffffffffffffff<br /> [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:<br /> ffffffffffffffff<br /> [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:<br /> 0000000000000001<br /> [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :<br /> 0000000000000008<br /> [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :<br /> 000000000f0bfe9f<br /> [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :<br /> ffff006180382010<br /> [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :<br /> 0000000000000020<br /> [ 19.638548] Call trace:<br /> [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110<br /> [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]<br /> [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44<br /> [ 19.657055] __rpm_callback+0x48/0x1dc<br /> [ 19.660807] rpm_callback+0x6c/0x80<br /> [ 19.664301] rpm_suspend+0x10c/0x640<br /> [ 19.667880] rpm_idle+0x250/0x2d0<br /> [ 19.671198] update_autosuspend+0x38/0xe0<br /> [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60<br /> [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]<br /> [ 19.685941] platform_probe+0x68/0xc0<br /> [ 19.689610] really_probe+0xc0/0x3dc<br /> [ 19.693189] __driver_probe_device+0x7c/0x190<br /> [ 19.697550] driver_probe_device+0x3c/0x110<br /> [ 19.701739] __driver_attach+0xf4/0x200<br /> [ 19.705578] bus_for_each_dev+0x70/0xd0<br /> [ 19.709417] driver_attach+0x24/0x30<br /> [ 19.712998] bus_add_driver+0x17c/0x240<br /> [ 19.716834] driver_register+0x78/0x130<br /> [ 19.720676] __platform_driver_register+0x28/0x34<br /> [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]<br /> [ 19.731404] do_one_initcall+0x44/0x2ac<br /> [ 19.735243] do_init_module+0x48/0x1d0<br /> [ 19.739003] load_module+0x19fc/0x2034<br /> [ 19.742759] __do_sys_finit_module+0xac/0x12c<br /> [ 19.747124] __arm64_sys_finit_module+0x20/0x30<br /> [ 19.751664] invoke_syscall+0x48/0x114<br /> [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec<br /> [ 19.760132] do_el0_svc+0x38/0xb0<br /> [ 19.763456] el0_svc+0x2c/0x84<br /> [ 19.766516] el0t_64_sync_handler+0xf4/0x120<br /> [ 19.770789] el0t_64_sync+0x190/0x194<br /> [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)<br /> [ 19.780556] ---[ end trace 0000000000000000 ]---
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025